cleantalk
Vulnerabilities and Security Researches

Request a Quote, 5e7ad671f8a77a469a90b6a2aae807bbb1bc5199

CVE, Research URL

5e7ad671f8a77a469a90b6a2aae807bbb1bc5199

Home page URL

Security reports for Request a Quote

Application

Request a Quote

Published on
Jun 30, 2023
Research Description
Request a Quote Form Plugin – Price Quote Request Management Made Easy [request-a-quote] < 2.3.11 Request a Quote <= 2.3.10 - Cross-Site Request Forgery The Request a Quote plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.10. This is due to missing nonce validation on the emd_show_forms_lite_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.3.11.
Status
vulnerable
Previous vulnerability researches
WPvivid Backup for MainWP (ec00cf2f6a6757dc3371250c1689bf0e482f89f9) , Jun 16, 2026
WPvivid Backup for MainWP (2c3fbbc425bd92d0f969e669e6a4b8564997aa02) , Jun 16, 2026
WPvivid Backup for MainWP (CVE-2024-35664) , Jun 06, 2024
WPvivid Backup for MainWP (CVE-2024-1383) , Jun 06, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026